Cyber-Physical System Security

A Cyber-Physical System (CPS) involves the interconnection of the digital world with the physical world, and include a wide range of technologies such as power grids actuators, vehicle infotainment systems, medical health devices, and Internet-connected appliances. The consumer movement for CPS is called the Internet of Things (IoT), while established industrial applications are called Industrial Control Systems (ICS).

Ubiquitous broadband technologies such as 4G-LTE paired with rapid advances in cloud computing and big data are resulting in the CPS “smart” revolution. Technologies such as smartgrid and intelligent transportation are using high-speed access to the cloud to find efficiencies in complex, dynamic systems. By 2018, of the nearly 20 billion Internet-connected devices, cyber-physical systems will exceed the number of traditional computers, tablets, and smartphones.

Fundamental security and privacy challenges have not yet been addressed for IoT and ICS. The graphic below shows a number of high-profile stories that have been more widely covered by the media, but many others go underreported such as the October 2014 announcement from DHS that Russian hackers have had malware in U.S. industrial control software for over two years and if triggered it could have caused major disruption to our power grid.

Critical Infrastructure Security

ICS has come under increasing scrutiny since Executive Order 13636 which has put into motion additional regulation of critical infrastructure systems to improve the US’s overall cybersecurity posture. Many of these devices use small, low-power microprocessors and are designed to operate in industrial settings for decades at a time using proprietary interfaces that have no notions of authentication or encryption. As the “smart” revolution begins connecting them to the cloud, the risk grows exponentially.

Additionally, the security in safety-critical consumer products such as medical health devices and automobiles is of key concern. While Internet-enabled healthcare offers significant opportunities to improve patient care and reduce costs, the technologies must be secure. Similarly, connected vehicle technology allow cars to warn each other of impending hazards and reduce the risk of accidents, but if hacked those same systems can be used to intentionally cause collisions.

Lastly, the movement toward advanced manufacturing is enabling new products at lower costs, but is also introducing new cybersecurity threats to the supply chain. Virginia Tech researchers were among the first to demonstrate that malware can manipulate digital designs prior to fabrication that can lead to component and system failures.

Addressing these challenges requires interdisciplinary research into embedded system security, control system security, network and wireless security, and the security of cloud and big data systems.

Privacy in the Internet of Things

Another major challenge in Internet-connected systems is the amount of data and metadata that can be harvested. This information can be a key enabler of the big data algorithms that underlie the efficiencies of the “smart” revolution, but can also represent an invasion of privacy. Consumers are losing control of their metadata at an alarming pace, from mobile apps that harvest information and sell it to advertisers, to department stores that track your cell phone’s WiFi signal to track your movements.

To address privacy concerns, the consumer must be put in charge of their metadata and be able to specify the amount of abstraction and aggregation it must undergo before it can be reported to a third party. This requires interdisciplinary research into privacy-preserving approaches to cryptography, data mining, and cloud computing.

Virginia Tech's Focus

The Hume Center is leading efforts for Virginia Tech to develop research and education programs focused in CPS Security. The following are active areas of collaboration across the university and ongoing initiatives.

CPS Security Lab

Leveraging an investment from the Commonwealth of Virginia, the Hume Center is currently constructing a lab focused in CPS Security in the Virginia Tech National Capital Region. This lab will bring together industry and government sponsors to address fundamental security challenges with embedded systems and networks and their application in energy and transportation networks.

Research Collaborations

Energy Cybersecurity: Collaboration with the Advanced Research Institute and their work on smartgrid to investigate security challenges with industrial control processes in the energy sector